Defines how often a data snapshot of environments is taken. A data snapshot consists of the information displayed on the home page for the environment as well as other basic information. The default is every 5 minutes.
This setting defines the default interval used by Edge Agents when checking in with the Portainer instance.
Replaces our logo with your own. Toggle on and enter the URL to the logo. The recommended size is 155px by 55px.
We collect anonymized information about your Portainer installation to help with our product development. You can opt out during installation, or toggle this setting off at any time.
This setting allows you to specify a custom text banner that will appear on the login screen for all users. This could be used to provide informational detail, a warning message, or whatever you need. To enable this, toggle the Login screen banner option on and enter your message in the Details box.
Your message will then be shown at the login screen.
You can deploy containers and services using Portainer's set of built-in app templates, or replace them with your own set of templates. Once you have a JSON file containing the template definitions, you can provide the URL to it here.
If you wish to use your own Helm repository in place of the Bitnami repository we include by default, you can enter the URL here.
Here you can select the expiry time for exported kubeconfig files from this dropdown. The new expiry time will only apply to configurations created after this value was changed. Administrators are also able to disable Kubeconfig download for non-admin users here.
Tokens used in kubeconfig files become invalid when Portainer restarts — irrespective of the value set for Kubeconfig expiry. In this case, you will need to re-download the kubeconfig file.
This option lets administrators disable KubeShell access for non-admin users.
In this section you can configure various Kubernetes-specific deployment options.
This section lets you supply a certificate authority (CA) file for use with HTTPS connections to Helm repositories from Portainer. This is useful if the TLS certificate your Helm repository uses is signed by a custom CA, and applies to both the Helm Repository configured above and to Helm repositories configured per environment.
This feature is only available in Portainer Business Edition.
During installation, Portainer by default creates a self-signed SSL certificate to encrypt traffic between the Portainer Server and the end user, as well as between the Portainer Server and the Portainer Agent. This certificate can be replaced with your own certificate.
We recommend including the full chain in the certificate to ensure compatibility. If you do not have the full chain for your certificate, ask your certificate provider or use What's My Chain Cert? to generate it.
If you have configured your Portainer Server instance to listen on 9443 (HTTPS) and 9000 (HTTP) you can toggle Force HTTPS only on to disable listening on port 9000.
Make sure that your HTTPS configuration is working correctly before enabling this option. Failure to do so may result in you being locked out of your Portainer installation.
Ensure that any Edge agents have been correctly configured for HTTPS communication before enabling this.
After making changes to this section, click Apply Changes.
This section allows you to enable experimental Portainer features for use in your deployment. These features are in early development and have gone through a limited set of testing, and are provided to users in order to gather feedback on the feature at an earlier stage of development.
Enabling experimental features on production deployments should be done cautiously and at your own risk.
Stops a container from appearing in the Portainer UI through the container label. Enter the name and value of the label, then click Add filter. Containers with matching labels will be hidden.
This setting contains all of the information that Portainer stores on the /data volume, archived in a tar.gz file, and is optionally encrypted with a password. This archive is all you need to restore Portainer.
This backup is only intended to back up the Portainer configuration. It does not back up what you have deployed on your environments (for example, containers, stacks, services, volumes, etc).
Log in as an admin user. From the menu select Settings, then scroll down to the Back up Portainer section.
Download backup file is the default option. As an optional step, toggle Password protect on and enter a password to encrypt the backup file. When you click Download backup, a tar.gz file will be downloaded via the browser.
With Portainer Business Edition you have the option to store a backup of your configuration in an S3 bucket, either on demand or on a defined schedule.
To do this, log in as an admin user, select Settings from the menu, then scroll down to Backup Portainer.
Select Store in S3 and fill in the options, using the below as a guide.
Restoring a configuration is only possible on a fresh instance of Portainer during the initial installation. When you need to restore Portainer, deploy a fresh instance of Portainer with an empty data volume and choose the Restore Portainer from backup option during setup.
On the initialization page, expand Restore Portainer from backup. Click Select file then browse to and select the tar.gz backup file. If the backup was originally encrypted, enter the password then click Restore Portainer.
The restore might take a few moments. When it has finished, you will be redirected to the login page. You can now log in with your previous credentials and your previous configuration will be restored.
This feature is only available in Portainer Business Edition.
Restoring a configuration is only possible on a fresh instance of Portainer during the initial installation. When you need to restore Portainer, deploy a fresh instance of Portainer with an empty data volume and choose the Restore Portainer from backup option during setup, making sure to select Retrieve from S3. Complete the fields using the table below as a guide.
When you're ready, click Restore Portainer. The restore might take a few moments. When it has finished, you will be redirected to the login page. You can now log in with your previous credentials and your previous configuration will be restored.
| Field/Option | Overview |
|---|---|
| Field/Option | Overview |
|---|---|
| Field/Option | Overview |
|---|---|
| Field/Option | Overview |
|---|---|
Enforce code-based deployment
Enable this option to hide the Add with form button when deploying applications and prevent the adding or editing of Kubernetes resources via forms.
Allow web editor and custom template use
When code-based deployment is enforced, enable this to allow the use of the web editor and custom templates when deploying an application.
Allow specifying of a manifest via a URL
When code-based deployment is enforced, enable this allow the use of the URL option when deploying an application.
Allow per-environment override
Enable this to allow the above enforcement options to be overridden on a per-environment basis.
Require a note on applications
Enable this to require that deployments have the Notes field completed in order to deploy. This setting currently only applies when deploying via a form.
Allow stacks functionality with Kubernetes environments
Enable this to allow grouping of Kubernetes deployments into "stacks", helping to organize and manage related workloads. Disabling this option will hide the stacks functionality on your Kubernetes environments.
Enable OpenAI integration
Toggle this on to enable the OpenAI integration. When this is enabled, individual users will need to add their OpenAI key in their account settings for the feature to be available to them.
Schedule automatic backups
Enable this to schedule an automatic backup of your configuration to an S3 bucket.
Cron rule
Define how often you want the backup to run using the cron format.
[minute] [hour] [day of month] [month] [day of week]
For example, the following would run a backup at 3:41am every Tuesday:
41 3 * * 2
Access Key ID
Enter the access key ID for your S3 bucket.
Secret Access Key
Enter the secret key for your S3 bucket.
Region
Enter the region where your bucket is located (for example, us-west-1).
Bucket name
Enter the name of your S3 bucket.
S3 compatible host
If you are using a non-AWS S3-compatible provider (such as MinIO), enter the URL (including the protocol and port if necessary) here. If you're using AWS S3, leave this blank.
Password protect
Enable this to protect your backups with a password.
Password
Enter the password to set on your backups.
Access key ID
Enter the access key ID for your S3 bucket.
Secret access key
Enter the secret key for your S3 bucket.
Region
Enter the region where your bucket is located (for example, us-west-1).
Bucket name
Enter the name of your S3 bucket.
S3 Compatible Host
If you are using a non-AWS S3-compatible provider (such as MinIO), enter the URL (including the protocol and port if necessary) here. If you're using AWS S3, leave this blank.
Filename
Enter the filename of the backup you want to restore.
Password
Enter the password set on your backup (if any).
